In late August, the legal and financial minds of USFN Members, mortgage servicers, GSEs, and industry leaders converged in Dallas for USFN’s annual Compliance & Legal Issues Seminar, hosted at the JW Marriott Dallas Arts District. The two-day gathering opened with a deep dive into compliance, regulatory issues, and best practices followed by a second day focused on the most pressing legal topics of the year.
Day one began with a reality check on the evolution of compliance over the past 15 years, offering attendees a crash course on how to survive in an increasingly regulated industry. The advice was practical, to the point, and occasionally peppered with a few “what-notto-do” examples—a roadmap for the brave souls navigating this high-stakes regulatory landscape. After an intense morning of compliance metrics, the ballroom beckoned with a well-deserved buffet lunch.
Undoubtedly, the headliner of the day was “Cyber Issues from a Compliance Perspective.” The session featured a litany of nightmare-inducing scenarios where seemingly innocuous missteps opened up enormous liability for servicers, investors, and attorneys alike. Fortunately, the speakers were also quick to deliver solutions, best practices to navigate these digital landmines, and mitigate exposure. Rounding out the day were practical tips on vendor compliance and the essential ingredient for every successful firm: an ethical workspace.
After an engaging educational first day, attendees were treated to a more relaxed evening at the historic Arts District Mansion. Built in 1890, the mansion’s NeoClassical Revival architecture offered a touch of nostalgia, taking guests back to Dallas’ transition from frontier town to modern metropolis.
Live music by Joseph Patrick Neville set the mood as participants mingled and enjoyed dinner, all while mentally preparing for day two.
Several ambitious souls, perhaps undeterred by the Texas heat, took to the Katy Trail early the next morning, proving that compliance and legal professionals are not only resilient in boardrooms but also in beating the sun.
Day two commenced with an engaging discussion moderated by Andy Saag, featuring Eliza Financial Protection Bureau and Katie Jo Keeling, who dissected the CFPB’s proposed amendments to Regulation X. The day’s agenda spanned bankruptcy hot topics, recent case law updates, and a roundtable tackling the legal issues affecting the entire industry. Of particular interest was an ethics session on managing AI in the legal workspace; a topic that reminded us that even machines require a moral compass.
Despite the sweltering Texas heat, the 2024 Compliance and Legal Issues Seminar was deemed a tremendous success. With its luxurious setting, timely content, and a stellar mix of USFN members, servicers, and GSEs, this event is now firmly marked as “can’t miss.” Needless to say, 2025 has some big shoes to fill when the Compliance & Legal Issues Seminar returns to the JW Marriott Dallas Arts District, August 21-22!
The 6 Pillars of Success: Best Practices to Minimize Liability and Maximize Efficiency
As Federal and Local Regulators continue to beef up policies within the mortgage industry, operational compliance is more important than ever. Due to the complex nature of the mortgage industry, we must always take into consideration the fact that our landscape is designed to protect consumers, and our compliance with local and federal laws is of utmost importance to a successful business. Minimizing liability and litigation avoidance are of paramount importance. Creating a compliance framework that is effective and realistic will ensure operations flow smoothly. This article will discuss the six pillars of compliance and why these philosophies should play a pivotal role in any mortgage default operation.
1. Understanding the Compliance Landscape
First, any successful operation must understand the current compliance landscape. Again, the mortgage industry operates within a very large network of intertwined ideas and organizations. Knowing the key players and how they impact the industry is imperative to compliant operations. There are federal and local laws and organizations that are at the helm of almost all our daily operations. Knowing the relevant organizations and laws will foster an understanding of what the business requires. The creation of the Consumer Financial Protection Bureau (CFPB), and the recent Supreme Court decision upholding the constitutionality of its structure, show that strict government oversight of our industry is here to stay. To gather this information, you will need to recruit individuals for your compliance team that understand this framework and are eager to dig in and understand the nuts and bolts of the mortgage industry.
Familiarity with the Fair Debt Collection Practices Act (FDCPA), Real Estate Settlement Procedures Act (RESPA), Servicemembers Civil Relief Act (SCRA), U.S. Bankruptcy Code, and a slew of other federal and local privacy acts and consumer protection statutes, are a necessary requirement to navigating the stormy waters of the mortgage default industry. The constantly shifting compliance landscape requires eternal vigilance to prevent a misstep. For instance, the rewrite of the FDCPA with Regulation F, and implementation of the “Debt Collection Rule,” as well as the issuance of the “Model Validation Letter” for debt collectors, required a significant investment of time by practitioners and industry participants in order to digest the new requirements and put sufficient practices into place to ensure compliance.
Likewise, new case law is frequently issued by the courts which alters prior practices, notwithstanding any change to the underlying law. The recent case of Show Me State Premium Homes, LLC v. George McDonnell, No. 22-1894 (8th Cir. 2023), even though only technically binding legal authority in one federal judicial circuit, had far-reaching implications for the industry, as some of the major title insurance underwriters have applied the ruling nationwide.
2. Establish Clear Policies and Procedures
Secondly, once we have a team in place to help us understand the laws, rules, and regulations, who is creating them, and the intended public policy behind them, we then need to establish clear policies and procedures to ensure that we are compliant. To establish clear policies and procedures, we must be sure to include the following when drafting guidelines: the policy purpose and scope, outline of roles and responsibilities, primary principles of the policy, details of any procedures and guidelines that will help employees comply, consequences of violations, and the necessary steps to ensure compliance. If the policies and procedures are concisely laid out, they will be easier to understand and follow. Having one person within the compliance team responsible for drafting and updating these policies is crucial. Although organizational compliance is a group effort, it is beneficial to have one writing style and method behind the policies and procedures. Having too many individuals involved can often lead to confusing piecemeal ideas that do not have a synchronized flow, thus making it difficult for the reader to comprehend.
3. Keep up to date with compliance training, reporting and monitoring.
Next, we must keep up with training, reporting, and monitoring. In the mortgage industry, many businesses are already required to keep track of training as well as policy and procedure updates. This is usually based on work standards provided by clients. It is important to come up with a system that works for your operation. There should be a base standard for how often training and updating must occur, which should be at hire for new staff, and at least annually for all others, to be used for clients that do not provide a standard timeframe. Then, reporting and monitoring should be used to ensure the more restrictive client policies are being followed. An individual on the compliance team should be responsible for monitoring all the policies and procedures to be sure they are reviewed and updated on a yearly or more frequent basis for training purposes. This person would also be responsible for ensuring the more restrictive standards for training and updating are reviewed in a timely fashion. This may be tracked in a report, within the organization’s case management system, or with some sort of third-party compliance tracking system. This compliance leader would also be responsible for setting up training sessions to fit within the necessary timeframes. They would also track and document employee completion of training.
4. Regular risk assessment and management
Once a method for training and tracking of policies and procedures is implemented, the leaders of the compliance team should come up with a robust risk assessment plan. This plan should contain the following steps to ensure effectiveness: First, the plan should identify the risk in question and analyze the level of that stated risk. Identifying the level of risk will help with the next step of determining what actions might have to be taken to mitigate the risk. Obviously, the higher the risk, the more active the organization will need to be in order to mitigate it. Any type of high-level risks should be brought to the highest level of management within the organization and there should be a specific plan in place to handle. A determination may need to be made as to whether to escalate a matter to in-house counsel and/or outside counsel. Keeping risk assessment procedures with your compliance leaders allows for everyone to be aware of what potential issues can arise within the business operation. Knowing is half of the battle.
5. Regular reviews and audits
Now that we have developed policies and procedures based on the current compliance environment and have reviewed and trained on these policies thoroughly, it is critical that we continually self-audit to be sure that policies and procedures are not missing any crucial steps. These self-audits can be completed by members of the compliance team, but it is sometimes beneficial to have these audits completed by managers and team leads, as these are the folks handling the day to day. It may, in some situations, be worthwhile or necessary to have an audit conducted by an outside party.
While not necessarily required, audits that meet various industry standards, such as SOC 1 (previously SAS70 or SSAE 16), SOC 2, or SOC 3, may be warranted. If there is a gap in the process, it would be beneficial for these individuals to see the issue so they can understand how to fix it. They could then work with members of the compliance team to be sure their observations are taken into consideration when updating the policies and procedures. Seeing the problem will also help managers train their staff on the changes that need to be implemented.
Self-audits also greatly benefit the organization, as they can identify gaps and holes before there is an actual client audit. Catching the problem be fore a client does is one of the main reasons for having a robust compliance team.
6. Strong compliance-based community
Finally, fostering a compliance mind ed community within the organiza tion will help tie everything we have discussed together. Having employees who are willing to “say something” if they “see something” only makes the company stronger. The more eyes, the better. Having managers and attorneys who are welcoming to individuals’ questions and concerns will help facilitate this type of com munity. Introducing engaging training sessions where all employees are free to express concerns or worries may help point out issues for which the compliance team was unaware. This team environment not only builds a strong compliance web, but it also builds relationships and morale within the organization. Having annual or more frequent tests of compliance protocols, “desktop” and otherwise, is highly recommended, in order to ensure that those protocols do not fail under real-world conditions.
Working within the mortgage servicing industry has really been an eye-open ing experience as to how truly integral compliance management is to a successful organization. By adhering to the principles of the six pillars, you can be sure that you are covering your bases.
Remember, the task of complying is not easy, nor is it generally “fun,” as a change in a policy or procedure usually means there was a problem to begin with. For this reason, we should all take a step back and thank our compliance heroes for keeping us on the up and up on a daily basis.